
SpySheriff, IST Serv., System Stopped Desktop etc. [RESOLVED]

Paper Assassin

Posted 12 June 2005 - 04:27 AM


Hi everyone, I was surfing as usual the other day and ran into the wrong website. Next thing I knew, I was bombarded with malware and spyware including Spy Sheriff, Maxifiles, etc. plus I have the "System Stopped...Spyware Activity Detected..." desktop hack problem.

I've followed the general 5-step directions and have run all of the recommended programs without any effect. (Ad-Aware, Spybot, AVG, TDS-3, etc.) I've also installed the SP1a update as well. The malware (and pop-ups) return after rebooting. Please refer to the below Ewido and HJT logs:

Reboot into safe mode and run Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).

After you're done running Cleanup!, follow the instructions below.

Run Ewido.

Click on scanner

Make sure the following boxes are checked before scanning:

Binder

Crypter

Archives

Click on Start Scan

Let the program scan the machine

While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "clean", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button named Save report at the bottom of the screen.

Click Save report

Save the report to your desktop

Reboot into normal mode.

Go to Start > Control Panel > Add or Remove Programs and remove the following: